Data Encryption and Legal Compliance

On March 1, 2010, legislation entitled "Standards
for the Protection of Personal Information of Residents of the
Commonwealth" (MGL 201 CMR 17.00) went into effect.
This law applies to all businesses that operate in Massachusetts as
well as businesses throughout the country that maintain or transmit
personally identifiable information (PII) on Massachusetts
residents. The law applies whether your business has just one
computer or 500 computers.

What Is Personally Identifiable Information?
Stated simply, PII is the combination of first or last name, or
initials, along with Social Security number, driver's license
number, state-issued ID card number, financial account number,
credit card number or debit card number. As an example, if you keep
records anywhere on your network, such as in QuickBooks or even in
an Excel spreadsheet, that contain information like "John Doe with
credit card number 123-456-789-012," then you are subject to these
regulations.

What Do You Need To Do?
The new law provides standards that you need to follow. For
example, all PII must be encrypted when stored on any portable
medium, such as laptops, certain types of handhelds and flash drives, or
when transmitted through an unsecured medium such as the
Internet. Note that password protection does not qualify as
protection; the data must be "transformed" through encryption.

In addition to data encryption, the law also states that your
business must create and maintain a written information security
plan (WISP), a detailed document describing your policies and
procedures. You're also obligated to designate a Data
Security Coordinator, maintain specific levels of network
protection, document your account management processes and much
more.

Failure to comply with the new law can result in serious financial
penalties as well as a loss of public confidence. Are you
prepared?

How Can Fieldbrook Solutions Help My Business?
Fieldbrook has studied the law and its intricacies so that it can
offer a full solution to those organizations that need to prepare their
infrastructure and business practices to be in compliance. Fieldbrook
will work with you to identify and remediate those areas that need enhanced
security, deploy an appropriate encryption solution, and prepare and deliver the WISP.

Contact us to find out what steps your
business must take to be in compliance with the new law:
